Brace yourselves, the post-Schrems II supplemental measures are coming!

The European Data Protection Board adopted recommendations on measures that supplement transfer tools to ensure compliance with the European Union level of protection of personal data, as well as recommendations on the European Essential Guarantees for surveillance measures.

“The implications of the Schrems II judgment extend to all transfers to third countries. Therefore, there are no quick fixes, nor a one-size-fits-all solution for all transfers, as this would be ignoring the wide diversity of situations data exporters face. Data exporters will need to evaluate their data processing operations and transfers and take effective measures bearing in mind the legal order of the third countries to which they transfer or intend to transfer data,” said EDPB chair Andrea Jelinek

The European Essential Guarantees recommendations provide data exporters with elements to determine if the legal framework governing public authorities’ access to data for surveillance purposes in third countries can be regarded as a justifiable interference with privacy rights.

Details in this EDPB Press Release.


Continue Reading EDPB Adopts Measures on Post-Schrems II Supplemental Data Transfer Tools

Connected vehicles process a lot of data. Some of it is personal data under the General Data Protection Regulation (GDPR). The European Data Protection Board has issued draft guidelines for handling that data.

  • What data is personal data?
  • Who are the stakeholders?
  • What is the legal basis?
  • How do you operationalize transparency?
  • How do you

The European Data Protection Board issues guidance on consent, in reliance upon the Working Party Article 29 Guidelines on Consent.

Key additions/ takeaways.
  • Consent relying on an alternative option offered by a third party fails to comply with the GDPR.
  • A service provider cannot prevent data subjects from accessing a service on the basis that

Speak to me in algorithms.

The European Data Protection Board (EDPB) has issued a letter on the appropriateness of the GDPR as a legal framework to protect citizens from unfair algorithms.

“Considering the already extensive existing legal framework, the EDPB considers additional legislation in the area of data protection aimed at a specific technology [such

The European Data Protection Board has issued long-awaited final guidelines for the extraterritorial application of the General Data Protection Regulation (GDPR).

Key changes:
  • GDPR can apply extraterritorially to some streams of data processing and not others, and not to the entire entity.
  • GDPR applies to many non-EU data processors, including cloud storage providers for data

The European Data Protection Board (EDPB) publishes its first annual report and reveals a road map for guidance to come.

In 2019 and 2020, the EDPB aims to focus on data subjects’ rights, the concept of the controller and processor and legitimate interest.

The EDPB will also consider technologies such as connected vehicles, blockchain, artificial